How does MCP Skills trust scoring work?

Every repo or package is evaluated across 4 dimensions — Alive (is it maintained?), Legit (who made it?), Solid (is it secure?), and Usable (can I work with it?). Each dimension combines multiple signals from the GitHub API, npm registry, OpenSSF Scorecard, and our analysis engine to produce a composite score from 0 to 10. Accepts GitHub repos, npm packages, Smithery URLs, and OpenClaw skills.

When MCP Skills detects an AI agent skill or MCP server, the algorithm shifts to Skills Mode. Security weight increases and two additional signals activate: Skill Spec Compliance and Tool Safety. The safety scanner checks for prompt injection, shell execution, credential access, network exfiltration, and obfuscated payloads — the exact attack patterns used in ClawHavoc.

What are the trust tiers?

Repos are assigned one of three trust tiers: Verified (score 7.5+ with strong dimensions — safe to build on), Established (score 4.5+ — solid but check the details), or New (below threshold — promising but unproven). A fourth tier, Blocked, applies when critical safety concerns are detected.

Is the free scan really free?

Yes. Free scans show the trust tier badge, all 4 dimension scores, and a one-line rationale. Free tier allows 3 scans per day from the website or 20 per day via the API. No account required. Single full reports are $2 each, or upgrade to Pro ($9/mo or $39/yr) for unlimited scans, batch API, and monitoring.

What are the limitations of trust scoring?

MCP Skills performs static analysis — source code pattern matching, GitHub metadata, and OpenSSF Scorecard data. It does not yet monitor runtime behavior, multi-step agent chain context leaks, or dynamically fetched payloads. A high score means strong static indicators, but no automated tool catches everything. Runtime observability and tool call auditing are on our roadmap.

The trust badge and risk scanner for MCP servers.

Scan before you install. Certify before users trust you.

MCP Skills checks MCP servers, AI skills, and npm packages across up to 15 trust signals — safety scans for prompt injection, credential theft, and supply chain attacks, plus OSV/KEV/EPSS-backed vulnerability intelligence. Paste a GitHub repo, npm package name, or registry URL.

Recently Verified As of 2026-05-01 UTC · how we score

Verified pulumi/pulumi 8.39 Standard Verified openai/openai-node 8.97 Standard Verified supabase/supabase-js 8.50 Standard

Verified means the algorithmic trust tier (composite ≥ 7.0, no disqualifiers) — not the separate Certified Safe badge program.

1,184 malicious skills found in ClawHavoc 36.82% of skills had at least one security flaw 15 trust signals scored

How trust scoring works

4 dimensions. 15 signals. Data from GitHub API, npm registry, and OpenSSF Scorecard.

Alive Is it maintained?

Commit recency Release cadence Issue responsiveness

Legit Who made it?

Author credibility Community adoption Contributor diversity Download adoption

Solid Is it secure?

Security posture Dependency health Tool safety Supply chain safety

Usable Can I use it?

README quality Spec compliance License clarity

Skills Mode

MCP servers and AI skills get 2 extra signals and heavier security weight. The safety scanner checks source code directly.

Prompt injection Shell execution Credential access Network exfiltration Obfuscated payloads

Patterns from ClawHavoc and ToxicSkills

What we check — and what we don't

Static analysis

Source code pattern matching across 20 files
GitHub metadata: commits, issues, contributors, releases
OpenSSF Scorecard security posture
Dependency health and supply chain signals
Spec compliance and documentation quality

Not yet covered

Runtime behavior monitoring (sandbox execution)
Multi-step agent chain context leaks
Dynamic payloads fetched after install
Tool call audit logging and policy enforcement

Trust scoring is a signal, not a verdict. A high score means strong static indicators across all dimensions — but no automated tool catches everything. Runtime observability and tool call auditing are on our roadmap.

Simple pricing

Free trust tier for every scan. Go Pro for unlimited access, monitoring, and the agent API.

Free

forever

Trust tier badge
Dimension scores
Cross-registry lookup
3 scans/day

Single Scan

one report

All 15 signal scores
Safety scan findings
Vulnerability intel
Shareable report URL

Pro Monthly

$9/mo

unlimited

Unlimited scans
Batch API + monitoring
1000 agent calls/day
Cancel anytime

Best value — saves $69

Pro Annual

$39/yr

$3.25/mo equivalent

Everything in Pro Monthly
Locked-in price for 12 months
Priority support
Save $69 vs monthly

For maintainers

Verified Builder

For MCP server and AI skill maintainers who want users to know their tool is trustworthy. Monitored gold trust badge, recurring recertification, public certified listing, social share cards, and priority review. See badge embed docs →

Apply — pricing tailored to your project

Score from your IDE

Check trust scores without leaving Claude Code, Cursor, or any MCP client. Install in one command.

claude mcp add mcpskills -- npx @mcpskillsio/server

{
  "mcpServers": {
    "mcpskills": {
      "command": "npx",
      "args": ["@mcpskillsio/server"]
    }
  }
}

{
  "mcpServers": {
    "mcpskills": {
      "command": "npx",
      "args": ["@mcpskillsio/server"]
    }
  }
}

check_trust_score

"Score vercel/ai"

Trust tier, composite score, and 4 dimension breakdown for any repo, npm package, or registry URL.

scan_safety

"Is this MCP safe?"

5 safety checks for prompt injection, credential theft, shell execution, and more.

auto_gate

"Should I install this?"

Go/no-go decision with reasoning. Certified repos get instant approval.

batch_check

"Check these 5 deps"

Score up to 5 repos or packages in one call. Great for vetting a stack.

list_packages

"Show safe skill stacks"

Curated, pre-scored skill packages organized by use case.

@mcpskillsio/server on npm

For Developers & Agents

Build trust verification into your toolchain. Accepts GitHub repos, npm packages, Smithery URLs, and more. Agent-optimized API with go/no-go decisions.

Agent Response (Free)

curl -X POST https://mcpskills.io/.netlify/functions/score \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{"repo":"npm:@anthropic-ai/sdk"}'

{
  "safe": true,
  "tier": "verified",
  "score": 8.2,
  "recommendation": "install",
  "flags": [],
  "reasoning": "15 signals, no disqualifiers"
}

Paid Response (API Key)

curl -X POST https://mcpskills.io/.netlify/functions/score \
  -H "Content-Type: application/json" \
  -H "X-API-Key: msk_your_key_here" \
  -d '{"repo":"owner/repo"}'

// Also accepts: npm:@scope/package,
// Smithery URLs, OpenClaw URLs.
// Returns: Full 15-signal breakdown,
// safety findings, recommendations.

Free Agent 20 scans/day · compact response

Single Scan · $2 One full 15-signal report

Pro · $9/mo or $39/yr Unlimited · batch · monitoring